SailPoint integration with OrangeHRM and Active Directory

Hello everyone,

I’ve recently started learning SailPoint IIQ and could use some guidance.
I have installed SailPoint version 8.5, and it’s already integrated with both OrangeHRM and Active Directory.

My goal is to automatically create user accounts in Active Directory based on employee data from OrangeHRM.
I’ve successfully aggregated data from OrangeHRM using the “Aggregate OrangeHRM” task, and I can see the employee records in SailPoint.

What should I do next to ensure these employee records are provisioned as users in Active Directory?
Any advice or best practices would be greatly appreciated.

Thank you!

Hi @benutop55

Create a business role.

Add an Assignment Rule in that business role that matches your criteria or attribute that matches with the identity attribute that you are populating with the value of OrangeHRM.

E.g., if userType is employee.

Once added, create an IT role that gives a group of Active Directory and assign this IT role to the business role that you have just created in the previous step.

Once all these three steps are done, run a refresh with the Refresh assigned and detected role option and the Provision assignments option selected.

Check the user and see whether it has the role or application or not.

Hi @msingh900, thanks for your response.

Do I need to modify the Provisioning Policy for the Active Directory application, particularly the “Create Account”?

In Active Directory, by default they will provide a Create Account provisioning policy. You need to add a field value rule to map the correct values at the time of provisioning.

If you do not edit it, then it will generate a work item to fill in the details.

So, it is better to add the Value settings for mandatory variables like CN, password, etc.
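
A value rule for a mandatory attribute such as the CN or DN builds the value from the identity's data. The sketch below is an added example in plain Java, not code from this thread or from SailPoint. It shows that logic with RFC 4514 escaping, so a name containing a comma or other special character cannot change the structure of the DN. The class name, the `USERS_OU` placeholder and the sample names are assumptions; inside IIQ the names would come from the identity being provisioned.

```java
public class AdDnBuilder {
    // Assumption: placeholder container, replace with the OU used in your domain.
    static final String USERS_OU = "OU=Users,DC=example,DC=com";

    /** Escape one attribute value for use inside a DN (RFC 4514 string form). */
    static String escapeRdnValue(String value) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean first = (i == 0);
            boolean last = (i == value.length() - 1);
            if (c == '\0') {
                out.append("\\00");                   // NUL is written as a hex pair
            } else if ("\"+,;<>\\".indexOf(c) >= 0    // special anywhere in the value
                    || (first && (c == '#' || c == ' '))
                    || (last && c == ' ')) {
                out.append('\\').append(c);
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    /** Build the account DN from first and last name, rejecting empty input. */
    static String buildUserDn(String firstName, String lastName) {
        String first = firstName == null ? "" : firstName.trim();
        String last = lastName == null ? "" : lastName.trim();
        String cn = (first + " " + last).trim();
        if (cn.isEmpty()) {
            // Fail here rather than send AD a create request with an empty CN.
            throw new IllegalArgumentException("first and last name are both empty");
        }
        return "CN=" + escapeRdnValue(cn) + "," + USERS_OU;
    }

    public static void main(String[] args) {
        // Constructed sample identities, not real HR data.
        System.out.println(buildUserDn("Ana", "Diaz"));
        System.out.println(buildUserDn("John", "Smith, Jr."));
        System.out.println(buildUserDn("#Temp", "O\\Hara+Lee"));
    }
}
```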

Okay, I will try as you directed.

Thank you

Sure, let me know if you need any other help.

Thanks

Hi @msingh900

I’ve successfully performed the Joiner process to Active Directory — the user account was created successfully by defining a rule in the Provisioning Policies.

Now, I’d like to know:
How can I handle updates to existing users when their data changes, for example, when an employee’s position is updated?

I want the user’s information in Active Directory to be updated automatically without creating a new user account.
Is that possible? If so, how can I configure it?

Thanks.

Yes, it can be done by adding a Target Mapping under Identity Mappings.

Navigate to Global Settings > Identity Mappings.

Search for the identity attribute that you want to configure.

Click on it.

Under target mappings, add a new entry, then choose the AD application and the account attribute where you want the data to flow.

Hi @benutop55, if the solutions provided by @msingh900 worked, could you please mark it as resolved/solution so it can be helpful for others who are searching for the same or similar questions :)

Have a nice and great one!
